Microsoft renews its attack on nation state “use of technology as a weapon”
You may say it’s a dreamer, but it’s not the only one: Microsoft has launched a global petition calling for “Digital Peace”, renewing its attack on nation state use of “technology as a weapon” in a campaign that calls for a “peaceful digital global society”.
The campaign, in association with NGO Global Citizen and anchored by the https://digitalpeace.microsoft.com microsite, launched over the weekend at the seventh Global Citizen Festival in New York’s Central Park.
It follows a frank critique last year by Microsoft President Brad Smith, in the wake of the WannaCry ransomware attack, of the stockpiling and exploitation of cybersecurity vulnerabilities, or 0days, by nation states.
“We must demand Digital Peace Now”
A petition set up by the company reads: “Governments are using technology as a weapon, which can devastate people, organizations and entire countries… We must come together as Digital Citizens and call upon our world leaders to create rules of the road that protect our digital society. We must demand Digital Peace Now”.
Computer Business Review signed the petition in the hope not just of Digital Peace but of assessing how many others had done so; Microsoft, however, does not disclose the current number of signatories.
The company added, somewhat vaguely: “Digital Peace Now is going to be all about people – people banding together in one collective voice to tell their world leaders that the internet must be a peaceful, shared community. Not a battlefield.”
“There is no Peace without Digital Peace.”
The campaign launches five months after Microsoft called for a digital “Geneva Convention”, joining Arm, Cisco, Facebook, GitHub, Nokia and 28 other initial signatories backing a Cybersecurity Tech Accord – which includes a promise not to help any government launch cyber attacks “against innocent citizens and enterprises”.
The campaign now numbers 61 corporate members.
They have also promised to protect against “exploitation of technology products and services during their development, design, distribution and use.”
That pledge comes five years after leaks by NSA contractor Edward Snowden revealed that Microsoft, like many other tech giants, had worked closely with the NSA’s Special Source Operations (SSO) division to put backdoors into its software, allowing, for example, encrypted Outlook chats to be deciphered and read by security services.
Nation States “Need to Take a Different Approach”
Microsoft wrote this weekend: “We know that nation-states are behind the worst digital attacks against both innocent people and the infrastructure that underpins societies – energy, transportation, health care, food and water… ”
“For example, the 2017 “WannaCry” attack – a true wake-up call – tore through cyberspace, hijacking more than 300,000 computers across 150 countries, including computers used by families, hospitals, governments and businesses. WannaCry was followed closely by “NotPetya,” an attack estimated to have caused $10 billion in damage ranging far beyond the initial targets in Ukraine.”
While the website and campaign in general may appear curiously anodyne and lacking detail on precisely what the company is calling for, previous statements by Microsoft suggest it is taking aim squarely at government hoarding of vulnerabilities.
A May 2017 post by Brad Smith said: “The WannaCrypt exploits… were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.”
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
He added: “[We are calling for] governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”